FireBall
asked on
SRX3600 Packet header
How should I see the packet headers of an IP address's traffic, and then block matching headers?
Is this Linux or other? If Linux, you can write iptables rules to match on arbitrary bytes in a header.
ASKER
Linux, but the SRX cannot handle small packages; while there is no rule, it is locking.
If you can make a tcpdump expression to view only the problem packets then you can make a rule to reject them:
Use nfbpf_compile to convert the tcpdump expression to the format expected by the iptables bpf extension
Add a bpf rule to accept or reject as required
Enter man iptables-extensions to see an example
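The steps above as a dry-run shell sketch (an added example, not part of the original answer): it compiles a tcpdump expression with `nfbpf_compile RAW`, checks the resulting bytecode, and prints the `iptables -m bpf` rule for review instead of applying it. The helper names `valid_bytecode` and `bpf_rule` are hypothetical; the sample filter and its bytecode are the ones shown in `man iptables-extensions`.

```sh
#!/bin/sh
# Added example: tcpdump expression -> BPF bytecode -> iptables bpf rule (dry run).

# Check the decimal format that "-m bpf --bytecode" expects:
#   "<count>,<code> <jt> <jf> <k>,<code> <jt> <jf> <k>,..."
# The leading count must equal the number of instructions that follow.
valid_bytecode() {
    printf '%s\n' "$1" | awk -F, '
        $1 !~ /^[0-9]+$/ || NF != $1 + 1 { exit 1 }
        { for (i = 2; i <= NF; i++)
              if ($i !~ /^[0-9]+ [0-9]+ [0-9]+ [0-9]+$/) exit 1 }'
}

# Print (do not run) the iptables command for a chain, target and bytecode.
bpf_rule() {
    chain=$1 target=$2 bytecode=$3
    valid_bytecode "$bytecode" || { echo "bad bytecode: $bytecode" >&2; return 1; }
    printf "iptables -A %s -m bpf --bytecode '%s' -j %s\n" \
        "$chain" "$bytecode" "$target"
}

# Sample filter from the man page; replace it with the tcpdump expression
# that isolates the problem packets.
FILTER='ip proto 6'

if command -v nfbpf_compile >/dev/null 2>&1; then
    # RAW link type: iptables hands the match the packet from the network
    # layer up, without an Ethernet header.
    BYTECODE=$(nfbpf_compile RAW "$FILTER")
else
    # Bytecode for the same filter as printed in man iptables-extensions,
    # used here so the sketch also runs where nfbpf_compile is not installed.
    BYTECODE='4,48 0 0 9,21 0 1 6,6 0 0 1,6 0 0 0'
fi

# Chain and target are the man page's own example; use the chain and the
# ACCEPT/REJECT target you actually need.
bpf_rule OUTPUT ACCEPT "$BYTECODE"
```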
ASKER CERTIFIED SOLUTION
But be wary not to run it long term, as it is meant for debugging or short periods; otherwise performance may be impacted due to storage and high CPU/memory resource use during such processing.
However, the depth of filtering based on IP header fields may not be as granular, as you see in this example where the security policy includes IP address and application protocol. You will likely have to explore other alternate devices etc. (like a web application firewall for HTTP filtering...) @ http://www.mustbegeek.com/configure-firewall-rule-in-juniper-srx/